The embodiments described herein relate generally to database indices and, more particularly, to database security using one or more indices.
Object-level security in an enterprise application traditionally uses a simple model in which an administrator defines users, assigns the users to groups and/or roles, and defines certain access privileges for those users, groups, and/or roles. For example, each object in a relational database has an associated access control list that describes what users, groups, and/or roles have access to the object. However, such security methods result in poor performance because search results in the database must also be filtered based on the access control lists of returned objects. Moreover, such security methods require the filtering to be performed on the client side, which increases the risk of exposing data that should not be. Furthermore, such security methods use some means of displaying data that cannot be effectively filtered such that even known search-and-filter methods still expose data that should not be.